Message-ID: <19990731154458.A2068@netmonger.net>
Date: Sat, 31 Jul 1999 15:44:58 -0400
From: Christopher Masto
To: Warner Losh, "Brian F. Feldman"
Cc: "Jordan K. Hubbard", hackers@FreeBSD.ORG
Subject: Re: So, back on the topic of enabling bpf in GENERIC...
References: <199907302342.RAA85088@harmony.village.org>
In-Reply-To: <199907302342.RAA85088@harmony.village.org>; from Warner Losh on Fri, Jul 30, 1999 at 05:42:57PM -0600

On Fri, Jul 30, 1999 at 05:42:57PM -0600, Warner Losh wrote:
> In message "Brian F. Feldman" writes:
> : And how about having
> :     if (securelevel > 3)
> :         return (EPERM);
> : in bpf_open()?
>
> There are no security levels > 3. I'd be happy with > 0. This is
> consistent with the meaning of "raw devices".

I hope you mean "> 1". I often diagnose problems using tcpdump etc.,
and I don't think bpf should be broken just because someone wants the
minor "flags can't be turned off" feature of level 1.

It seems to be that disabling bpf is more appropriate for security
level 2 and up, if such a thing is desirable. I'm not sure it is.
-- 
Christopher Masto         Senior Network Monkey      NetMonger Communications
chris@netmonger.net        info@netmonger.net        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/